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DETAILED ACTION 

This action is in response to the Arguments filed on September 12, 2005. 
Claims 3, 19 and 27 have been cancelled by the Applicant. 
Claims 1-2, 4-18, 20-26, and 28-48 are herein considered. 



Response to Arguments 

Applicant's arguments filed September 12, 2005 have been fully 
considered but they are not persuasive. 

The Applicant's first argument concerns Wheeler's failure to disclose 
wherein the user's authentication information comprises levels of authentication 
corresponding to locations and wherein different access to the same entity is 
given when the user requests access from different locations. The Examiner 
respectfully disagrees with the Applicant's contentions and would like to draw the 
Applicant's attention to the paragraphs wherein Wheeler discloses how "[a] 
building may require by its rules a higher or different or multiple authentication 
factors to be entered by the requesting entity" (par 67), "for example, a parking 
lot would typically have a fairly low security level, while a nuclear research 
laboratory which might be accessed from the parking lot would have a high 
security level required to grant access" (par 58). Wheeler goes on to suggest 
that his "business rules include gauging the risk of granting access to the 
controlled resource" which are evaluated using a variety of risk elements 
including "geographical history of the EC inputs" and "the type of communications 
network used, such as secure intranet or the unsecured internet" (par 58). 
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Wheeler provides support for the need for location-based security levels within 
his background of the invention wherein he discusses how "access to specific 
buildings can require a second or stronger authentication factor" (par 3) in 
addition to access to specific databases and computer systems (pars 3-5). It is 
clear from this paragraphs that Wheeler has taken into consideration the need for 
different security levels corresponding to different access locations. 

Concerning the Applicant's contention that Maritzen fails to disclose 
wherein the user's authentication information comprises levels of authentication 
corresponding to locations and wherein different access to the same entity is 
given when the user requests access from different locations, the Examiner 
respectfully disagrees and would like to draw the Applicant's attention 
paragraphs wherein Maritzen discloses wherein "a point-of-sale system may 
provide additional information to the transaction device" specific to the user's 
location (par 59). Maritzen teaches wherein the user is capable of gaining 
secure access to TCPH for various purposes, through various terminals and 
network mechanisms on a variety of transaction devices, each of which requires 
security (par 49). From these paragraphs it is clear that Wheeler has also taken 
into consideration the user's mobility and the need for requisite security 
regardless of where and how the user might choose to access the system. 

In view of the arguments previous, Examiner respectfully disagrees with 
the Applicant's argument that Wheeler and Maritzen fail to disclose wherein the 
user's authentication information comprises levels of authentication 
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corresponding to locations and wherein different access to the same entity is 
given when the user requests access from different locations. 

In view of Applicant's amendments to claims 1, 5, 12, 17, 20, 21, 28, 31, 
37-40, and 47-48 the Examiner has provided below an amended set of 35 U.S.C. 
1 02(e) rejections for those claims amended. With respect to claims 2, 4, 6-1 1 , 
13-16, 18, 22-26, 29-30, and 41-46, the Examiner maintains the corresponding 
35 U.S.C. 102(e) rejections as provided in the previous office action. 

Claim Rejections - 35 USC § 102 

The text of those sections of Title 35, U.S. Code not included in this action 
can be found in a prior Office action. 

Amended claims 1, 5, 12, 17, 20, 21, 28, 31, 37-40, and 47-48 are 
rejected under 35 U.S.C. 102(e) as being anticipated by Wheeler et al., U.S. 
Patent Application Publication No. 2003/0126439 A1. 

As per amended claim 1, Wheeler discloses a method comprising: 
transmitting identification information related to a user to an authentication entity 
(access authentication component); and receiving access to a secure entity 
(controlled resource) coupled to said authentication entity (access authentication 
component) if authentication information identifying said user is provided to said 
secure entity (controlled resource) ([0061]), said authentication information 
comprising levels of authentication corresponding to locations, wherein different 
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access to said secure entity is given when said user requires access from 
different locations ([0003]-[0005], [0058], [0067], [0130]). 

As per amended claim 5, Wheeler discloses the method according to 
claim 4, wherein said profile contains said identification information related to 
said user and at least one level of authentication ([0130]). 

As per amended claim 12, Wheeler discloses a method comprising: 
receiving an authentication request related to a user requesting access to a 
secure entity; retrieving a profile of said user from an access database, said 
profile containing at least one access question uniquely identifying said user; and 
transmitting authentication information to said secure entity based on an answer 
to said at least one access question (secret) received from said user ([0012- 
001 3], [0065], [0087]; Figure 14), said authentication information comprising levels 
of authentication corresponding to locations, wherein different access to said 
secure entity is given when said user requests access from different locations 
([0003]-[0005], [0058], [0067], [0130]). 

As per amended claim 17, Wheeler discloses the method according to 
claim 12, further comprising receiving identification information related to said 
user from a personal transaction device coupled to said user and said secure 
entity, said identification information including said at least one access question 
(secret); and ([0012-0013]), storing said at least one access question and at least 
one level of authentication in said profile within said access database ([0021- 
0022], [0058], [0130]). 
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As per amended claim 20, Wheeler discloses the method according to 
claim 12, further comprising receiving identification information related to said 
user from a personal transaction device coupled to said user and said secure 
entity ([0020-21]); creating said at least one access question based on said 
identification information; and storing said at least one access question and at 
least one level of authentication in said profile within said access database 
([0012-0013], [0058], [0130]). 

Amended claim 21 is directed towards a system's implementation of the 
method of claim 12 and is rejected by similar rationale. 

Amended claim 28 is directed towards a system's implementation of the 
method of claim 20 and is rejected by similar rationale. 

As per amended claim 31 , Wheeler discloses an apparatus comprising: 
means for transmitting identification information related to a user to an 
authentication entity; and means for receiving access to a secure entity coupled 
to said authentication entity if authentication information identifying said user is 
provided to said secure entity ([0020],[0022]), said authentication information 
comprising levels of authentication corresponding to locations, wherein different 
access to said security entity is given where said user requests access from 
different locations ([0003]-[0005], [0058], [0067], [0130]). 

As per amended claim 37, Wheeler discloses an apparatus comprising: 
means for receiving an authentication request related to a user requesting 
access to a secure entity; means for retrieving a profile of said user from an 
access database, said profile containing at least one access question (secret) 
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uniquely identifying said user; and means for transmitting authentication 
information to said secure entity based on an answer to said at least one access 
question received from said user ([0013], [0133], [0021]), said authentication 
information comprising levels of authentication corresponding to locations, 
wherein different access to said secure entity is given when said user requests 
access from different locations ([0003]-[0005], [0058], [0067], [0130]). 

As per amended claim 38, Wheeler discloses the apparatus according to 
claim 37, further comprising: means for receiving identification information related 
to said user from a personal transaction device coupled to said user and said 
secure entity, said identification information including said at least one access 
question (secret); and means for storing said at least one access question and at 
least one level of authentication in said profile within said access database 
([0013,0133], [0130]). 

As per amended claim 39, Wheeler discloses the apparatus according to 
claim 37, further comprising means for receiving identification information related 
to said user from a personal transaction device coupled to said user and said 
secure entity ([0019], [0021-0022]); means for creating said at least one access 
question (secret) based on said identification information ([001 3], [001 5]); and 
means for storing said at least one access question and at least one level of 
authentication in said profile within said access database ([0013,0133]). 

Amended claim 40 is directed towards the apparatus of claim 31 wherein 
the apparatus is a computer-readable medium executing instructions within a 
processing system and are rejected by similar rationale. 
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Amended claims 47-48 are directed towards the apparatus of claims 38- 
39 wherein the apparatus is a computer-readable medium executing instructions 
within a processing system and are rejected by similar rationale. 

Amended claims 1, 5, 12, 17, 20, 21, 28, 31, 37-40, and 47-48 are 
rejected under 35 U.S.C. 102(e) as being anticipated by Maritzen et al., U.S. 
Patent Application Publication No. 2002/0026423 A1. 

As per amended claim 1, Maritzen discloses a method comprising 
transmitting identification information related to a user to an authentication entity; 
and ([0033] lines 15-23; [0037]) receiving access to a secure entity coupled to 
said authentication entity if authentication information identifying said user is 
provided to said secure entity ([0036]), said authentication information comprising 
levels of authentication corresponding to locations, wherein different access to 
said secure entity is given when said user requires access from different 
locations ([0049], [0059]). 

As per amended claim 5, Maritzen discloses the method according to 
claim 4, wherein said profile contains said identification information related to 
said user and at least one level of authentication ([0037]). 

As per amended claim 12, Maritzen discloses a method comprising: 
receiving an authentication request related to a user requesting access to a 
secure entity; retrieving a profile of said user from an access database, said 
profile containing at least one access question uniquely identifying said user; and 
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transmitting authentication information to said secure entity based on an answer 
to said at least one access question received from said user ([0033]), said 
authentication information comprising levels of authentication corresponding to 
locations, wherein different access to said secure entity is given when said user 
requires access from different locations ([0049], [0059]). 

As per amended claim 17, Maritzen discloses the method according to 
claim 12, further comprising: receiving identification information related to said 
user from a personal transaction device coupled to said user and said secure 
entity, said identification information including said at least one access question; 
and storing said at least one access question and at least one level of 
authentication in said profile within said access database ([0033], [0054]). 

As per amended claim 20, Maritzen discloses the method according to 
claim 12, further comprising: receiving identification information related to said 
user from a personal transaction device coupled to said user and said secure 
entity; creating said at least one access question based on said identification 
information; and storing said at least one access question and at least one level 
of authentication in said profile within said access database ([0033], [0054]). 

Amended claim 21 is directed towards a system's implementation of the 
method of claim 12 and is rejected by similar rationale. 

Amended claim 28 is directed towards a system's implementation of the 
method of claim 20 and is rejected by similar rationale. 

As per amended claim 31 , Maritzen discloses an apparatus comprising: 
means for transmitting identification information related to a user to an 
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authentication entity (TCPH); and means for receiving access to a secure entity 
coupled to said authentication entity if authentication information identifying said 
user is provided to said secure entity ([0033]), said authentication information 
comprising levels of authentication corresponding to locations, wherein different 
access to said secure entity is given when said user requires access from 
different locations ([0049], [0059]). 

As per amended claim 37, Maritzen discloses an apparatus comprising: 
means for receiving an authentication request related to a user requesting 
access to a secure entity (vendor/financial system); means for retrieving a profile 
of said user from an access database, said profile containing at least one access 
question uniquely identifying said user (i.e. mother's maiden name); and means 
for transmitting authentication information (account does exist, funds available) to 
said secure entity based on an answer to said at least one access question 
received from said user ([0033],[0036]), said authentication information 
comprising levels of authentication corresponding to locations, wherein different 
access to said secure entity is given when said user requires access from 
different locations ([0049], [0059]). 

As per amended claim 38, Maritzen discloses the apparatus according to 
claim 37, further comprising: means for receiving identification information related 
to said user from a personal transaction device coupled to said user and said 
secure entity, said identification information including said at least one access 
question; and means for storing said at least one access question and at least 
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one level of authentication in said profile within said access database 
([0033],[0036],[0054]). 

As per amended claim 39, Maritzen discloses the apparatus according to 
claim 37, further comprising: means for receiving identification information related 
to said user from a personal transaction device coupled to said user and said 
secure entity; means for creating said at least one access question based on 
said identification information; and means for storing said at least one access 
question and at least one level of authentication in said profile within said access 
database ([0033],[0036],[0054]). 

Amended claim 40 is directed towards the apparatus of claim 31 wherein 
the apparatus is a computer-readable medium executing instructions within a 
processing system and is rejected by similar rationale. 

Amended claims 47-48 are directed towards the apparatus of claims 38- 
39 wherein the apparatus is a computer-readable medium executing instructions 
within a processing system and are rejected by similar rationale. 

Conclusion 

The prior art made of record and not relied upon is considered pertinent to 
applicant's disclosure. 

In the course of the Examiner's updated prior art search, additional prior 
art was 



Application/Control Number: 10/017,988 Page 
Art Unit: 2137 

found, which although not relied upon in the present office action, teaches the 
limitations of Applicant's invention and may be relied upon in future office actions 
if the need arises. 

Applicant's amendment necessitated the new ground(s) of rejection 
presented in this Office action. Accordingly, THIS ACTION IS MADE FINAL. 
See MPEP § 706.07(a). Applicant is reminded of the extension of time policy as 
set forth in 37 CFR 1.136(a). 

A shortened statutory period for reply to this final action is set to expire 
THREE MONTHS from the mailing date of this action. In the event a first reply is 
filed within TWO MONTHS of the mailing date of this final action and the advisory 
action is not mailed until after the end of the THREE-MONTH shortened statutory 
period, then the shortened statutory period will expire on the date the advisory 
action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be 
calculated from the mailing date of the advisory action. In no event, however, will 
the statutory period for reply expire later than SIX MONTHS from the date of this 
final action. 

Any inquiry concerning this communication or earlier communications from 
the examiner should be directed to Tamara Teslovich whose telephone number 
is (571) 272-4241. The examiner can normally be reached on Mon-Fri 8-4:30. 

If attempts to reach the examiner by telephone are unsuccessful, the 
examiner's supervisor, Emmanuel Moise can be reached on (571) 272-3865. 
The fax phone number for the organization where this application or proceeding 
is assigned is 571-273-8300. 
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Information regarding the status of an application may be obtained from 
the Patent Application Information Retrieval (PAIR) system. Status information 
for published applications may be obtained from either Private PAIR or Public 
PAIR. Status information for unpublished applications is available through 
Private PAIR only. For more information about the PAIR system, see http://pair- 
direct.uspto.gov. Should you have questions on access to the Private PAIR 
system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll- 
free). 
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